Google removes 22 apps from the Play Store that generated fake ad clicks

Google has removed 22 apps listed in the Google Play Store. Based on a story published today, it appears that these apps were design to trick advertisers and collect revenue by pretending that the phone owners had clicked on an ad. The 22 apps that were pulled had been installed over 2 million times by unsuspecting Android device owners.

The malicious apps used malware to pretend to be other apps running on a variety of iOS and Android phones, and were directed to request ads through a command-and-control server. So as not to draw the user’s attention to the bogus apps, the ads appeared inside a hidden browser window (0 pixels high x 0 pixels wide) where false user interaction with them would generate the fake ad clicks. This would take place whether or not the phone’s user had any of the malicious apps open.

The only hint to the phone’s owner that something was awry would be higher than expected data usage, and faster battery drainage. In addition to pretending to be a different app on an iPhone 5 to an iPhone 8 Plus, the malicious apps would trick advertisers into believing that their ad was being seen by one of 249 different Android models from 33 distinct brands, running on Android 4.4.2 to 7.x.

The 22 apps given the boot include:

Sparkle FlashLight

Snake Attack

Math Solver

ShapeSorter

Tak A Trip

Magnifeye

Join Up

Zombie Killer

Space Rocket

Neon Pong

Just Flashlight

Table Soccer

Cliff Diver

Box Stack

Jelly Slice

AK Blackjack

Color Tiles

Animal Match

Roulette Mania

HexaFall

HexaBlocks

PairZap

If you have any of these installed on your Android device, uninstall them now! Interestingly, the iOS versions of these apps are safe to use. Frankly, we wouldn’t take the chance that they might be infected down the road.